AIM-PIbd-32-Kurbanova-A-A/aimenv/Lib/site-packages/win32/test/test_security.py

167 lines
5.9 KiB
Python
Raw Normal View History

2024-10-02 22:15:59 +04:00
# Tests for the win32security module.
import unittest
import ntsecuritycon
import pywintypes
import win32api
import win32con
import win32security
import winerror
from pywin32_testutil import TestSkipped, ob2memory, testmain
class SecurityTests(unittest.TestCase):
def setUp(self):
self.pwr_sid = win32security.LookupAccountName("", "Power Users")[0]
try:
self.admin_sid = win32security.LookupAccountName("", "Administrator")[0]
except pywintypes.error as exc:
# in automation we see:
# pywintypes.error: (1332, 'LookupAccountName', 'No mapping between account names and security IDs was done.')
if exc.winerror != winerror.ERROR_NONE_MAPPED:
raise
self.admin_sid = None
def tearDown(self):
pass
def testEqual(self):
if self.admin_sid is None:
raise TestSkipped("No 'Administrator' account is available")
self.assertEqual(
win32security.LookupAccountName("", "Administrator")[0],
win32security.LookupAccountName("", "Administrator")[0],
)
def testNESID(self):
self.assertTrue(self.pwr_sid == self.pwr_sid)
if self.admin_sid:
self.assertTrue(self.pwr_sid != self.admin_sid)
def testNEOther(self):
self.assertTrue(self.pwr_sid != None)
self.assertTrue(None != self.pwr_sid)
self.assertFalse(self.pwr_sid == None)
self.assertFalse(None == self.pwr_sid)
self.assertNotEqual(None, self.pwr_sid)
def testSIDInDict(self):
d = dict(foo=self.pwr_sid)
self.assertEqual(d["foo"], self.pwr_sid)
def testBuffer(self):
if self.admin_sid is None:
raise TestSkipped("No 'Administrator' account is available")
self.assertEqual(
ob2memory(win32security.LookupAccountName("", "Administrator")[0]),
ob2memory(win32security.LookupAccountName("", "Administrator")[0]),
)
def testMemory(self):
pwr_sid = self.pwr_sid
admin_sid = self.admin_sid
sd1 = win32security.SECURITY_DESCRIPTOR()
sd2 = win32security.SECURITY_DESCRIPTOR()
sd3 = win32security.SECURITY_DESCRIPTOR()
dacl = win32security.ACL()
dacl.AddAccessAllowedAce(
win32security.ACL_REVISION, win32con.GENERIC_READ, pwr_sid
)
if admin_sid is not None:
dacl.AddAccessAllowedAce(
win32security.ACL_REVISION, win32con.GENERIC_ALL, admin_sid
)
sd4 = win32security.SECURITY_DESCRIPTOR()
sacl = win32security.ACL()
if admin_sid is not None:
sacl.AddAuditAccessAce(
win32security.ACL_REVISION, win32con.DELETE, admin_sid, 1, 1
)
sacl.AddAuditAccessAce(
win32security.ACL_REVISION, win32con.GENERIC_ALL, pwr_sid, 1, 1
)
for x in range(0, 200000):
if admin_sid is not None:
sd1.SetSecurityDescriptorOwner(admin_sid, 0)
sd2.SetSecurityDescriptorGroup(pwr_sid, 0)
sd3.SetSecurityDescriptorDacl(1, dacl, 0)
sd4.SetSecurityDescriptorSacl(1, sacl, 0)
class DomainTests(unittest.TestCase):
def setUp(self):
self.ds_handle = None
try:
# saving the handle means the other test itself should bind faster.
self.ds_handle = win32security.DsBind()
except win32security.error as exc:
if exc.winerror != winerror.ERROR_NO_SUCH_DOMAIN:
raise
raise TestSkipped(exc)
def tearDown(self):
if self.ds_handle is not None:
self.ds_handle.close()
class TestDS(DomainTests):
def testDsGetDcName(self):
# Not sure what we can actually test here! At least calling it
# does something :)
win32security.DsGetDcName()
def testDsListServerInfo(self):
# again, not checking much, just exercising the code.
h = win32security.DsBind()
for status, ignore, site in win32security.DsListSites(h):
for status, ignore, server in win32security.DsListServersInSite(h, site):
info = win32security.DsListInfoForServer(h, server)
for status, ignore, domain in win32security.DsListDomainsInSite(h, site):
pass
def testDsCrackNames(self):
h = win32security.DsBind()
fmt_offered = ntsecuritycon.DS_FQDN_1779_NAME
name = win32api.GetUserNameEx(fmt_offered)
result = win32security.DsCrackNames(h, 0, fmt_offered, fmt_offered, (name,))
self.assertEqual(name, result[0][2])
def testDsCrackNamesSyntax(self):
# Do a syntax check only - that allows us to avoid binding.
# But must use DS_CANONICAL_NAME (or _EX)
expected = win32api.GetUserNameEx(win32api.NameCanonical)
fmt_offered = ntsecuritycon.DS_FQDN_1779_NAME
name = win32api.GetUserNameEx(fmt_offered)
result = win32security.DsCrackNames(
None,
ntsecuritycon.DS_NAME_FLAG_SYNTACTICAL_ONLY,
fmt_offered,
ntsecuritycon.DS_CANONICAL_NAME,
(name,),
)
self.assertEqual(expected, result[0][2])
class TestTranslate(DomainTests):
def _testTranslate(self, fmt_from, fmt_to):
name = win32api.GetUserNameEx(fmt_from)
expected = win32api.GetUserNameEx(fmt_to)
got = win32security.TranslateName(name, fmt_from, fmt_to)
self.assertEqual(got, expected)
def testTranslate1(self):
self._testTranslate(win32api.NameFullyQualifiedDN, win32api.NameSamCompatible)
def testTranslate2(self):
self._testTranslate(win32api.NameSamCompatible, win32api.NameFullyQualifiedDN)
def testTranslate3(self):
self._testTranslate(win32api.NameFullyQualifiedDN, win32api.NameUniqueId)
def testTranslate4(self):
self._testTranslate(win32api.NameUniqueId, win32api.NameFullyQualifiedDN)
if __name__ == "__main__":
testmain()